package com.woniuxy.configuration;

import java.util.LinkedHashMap;
import java.util.Map;

import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import com.woniuxy.realm.MyRealm;

import at.pollux.thymeleaf.shiro.dialect.ShiroDialect;

@Configuration	//表示当前类是一个配置类，作用与xml是一样的，各种bean
public class ShiroConfiguration {
	/*
	 * <bean id='myRealm' class='com.woniuxy.realm.MyRealm'>
	 * 
	 * <bean id='securityManager' class='org.apache.shiro.mgt.SecurityManager'>
	 * 	<property name='realm' ref='myRealm'>
	 * </bean>
	 */
	//1.realm：域，作用用于从数据库中读取账号、角色、权限信息<bean id=''>
	@Bean
	public MyRealm myRealm() {
		return new MyRealm();
	}
	
	//2.securitymanager	安全管理，shiro核心
	@Bean
	public SecurityManager securityManager(MyRealm myRealm) {//<property name='realm' ref='myRealm'>
		DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
		manager.setRealm(myRealm);
		return manager;
	}
	
	
	//3.shiro的过滤器：指定哪些操作需要认证、需要指定的权限
	@Bean
	public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {
		//创建过滤器的工厂对象
		ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
		//设置安全管理器
		factoryBean.setSecurityManager(securityManager);
		
		//安全配置
		//设置登录页面
		factoryBean.setLoginUrl("/login.html");
		
		//没有权限时跳转到哪个页面
		factoryBean.setUnauthorizedUrl("/error.html");
		
		//认证成功之后跳转到指定的页面
//		factoryBean.setSuccessUrl("/index33.html");
		
		//****过滤器的配置****
		Map<String, String> map = new LinkedHashMap<>(); //有序的map
//		map.put("/", "anon");//anon 匿名访问，不需要登录 
//		map.put("/index33.html", "anon");//anon 匿名访问，不需要登录 
		map.put("/login.html", "anon");
		//放行静态资源
		map.put("/css/**", "anon"); //  /* 表示当前目录下的     /**：当前目录及其子目录下
		map.put("/js/**", "anon");
		
		map.put("/build/**", "anon");
		map.put("/pages/**", "anon");
		map.put("/plugins/**", "anon");
		map.put("/docs/**", "anon");
		map.put("/dist/**", "anon");
		map.put("/lilei.css", "anon");
		//动态请求放行
		
		
		map.put("/user1/login1", "anon");
		map.put("/redis/**", "anon");
		
		//设置访问url的角色
		map.put("/customer_account.html", "roles[manager]");
		map.put("/sell.html", "roles[saleman]");
		map.put("/register1.html", "roles[manager]");
		
	map.put("/pickgoods/**", "perms[manager:find]");

		
		//注销
		map.put("/logout", "logout");//logout  登出操作，让session过期
		
		//除开以上情况都需要先认证才能访问
		map.put("/**", "authc");	//authc 认证authentication
		
		
		//将map赋值给shiro过滤器     
		factoryBean.setFilterChainDefinitionMap(map);
		
		
		return factoryBean;
	}
	
	//配置shiro注解
	//注解
	@Bean
	public AuthorizationAttributeSourceAdvisor createAasa(SecurityManager securityManager) {
	        AuthorizationAttributeSourceAdvisor aasa 
	        		= new AuthorizationAttributeSourceAdvisor();
	        aasa.setSecurityManager(securityManager);
	        return aasa;
	}
	//注解aop
	@Bean
	@ConditionalOnMissingBean
	public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
	        DefaultAdvisorAutoProxyCreator defaultAAP = new DefaultAdvisorAutoProxyCreator();
	        defaultAAP.setProxyTargetClass(true);
	        return defaultAAP;
	}

	@Bean
	public ShiroDialect shiroDialect() {
	    return new ShiroDialect();//为了在thymeleaf里使用shiro的标签的bean
	}
	
}


